1

Yesterday, I set up a WordPress "cluster."

Now I have a problem: WordPress and stat-plugins only shows the users as internal IP addresses like 10.0.0.2.

My nginx configuration is:

  upstream backend {
  #ip_hash;
    server 10.0.0.3:80;
    server 10.0.0.2:8080;
   }

  server {
    listen 80;
    server_name bloggingsite.org;
    location / {

      proxy_pass http://backend;
        proxy_redirect     off;
            proxy_set_header   Host             $http_host;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
#            client_max_body_size       10m;
#            client_body_buffer_size    128k;
#            proxy_connect_timeout      90;
#            proxy_send_timeout         90;
#            proxy_read_timeout         90;
#            proxy_buffer_size          4k;
#            proxy_buffers              4 32k;
#            proxy_busy_buffers_size    64k;
#            proxy_temp_file_write_size 64k;
    }
  }

Second server block:

  server {
    listen 8080;
    server_name bloggingsite.org;
    root /var/www/;
real_ip_header    X-Real-IP;
    include /etc/nginx/fastcgi_php;
    location / {
      index index.php;

if (!-e $request_filename) {
#rewrite ^.*/files/(.*)$ /wp-includes/ms-files.php?file=$1 last;
#rewrite ^.*/files/(.*)$ /wp-content/blogs.php?file=$1 last;
#rewrite .*/files/(.*) /wp-includes/ms-files.php?file=$1;
# rewrite ^.+?(/wp-.*) $1 last;
# rewrite ^.+?(/.*\.php)$ $1 last;
 rewrite ^ /index.php last;
}
    }
  }
Skyhawk
  • 14,200
  • 4
  • 53
  • 95
Flo
  • 13
  • 3

2 Answers2

1

it looks to me like your using a single nginx vhost to then reverse proxy into multiple servers all running nginx/php-fpm correct?

it also looks like your trying to use x-Real-IP from nginx - http://wiki.nginx.org/HttpRealIpModule

however your missing one vital header in your second nginx vhost:

set_real_ip_from   10.0.0.0/24;

this will allow it to validate the real ip header so that it will successfully set it, without it it wont actually change the real IP in your access logs and also your application (in this case wordpress), so your second vhost block should look more like:

server {
    listen 8080;
    server_name bloggingsite.org;
    root /var/www/;
    set_real_ip_from   10.0.0.0/24;
    real_ip_header    X-Real-IP;
    include /etc/nginx/fastcgi_php;
    location / {
        index index.php;

        if (!-e $request_filename) {
            #rewrite ^.*/files/(.*)$ /wp-includes/ms-files.php?file=$1 last;
            #rewrite ^.*/files/(.*)$ /wp-content/blogs.php?file=$1 last;
            #rewrite .*/files/(.*) /wp-includes/ms-files.php?file=$1;
            # rewrite ^.+?(/wp-.*) $1 last;
            # rewrite ^.+?(/.*\.php)$ $1 last;
            rewrite ^ /index.php last;
        }
    }
}

you can set more than one set_real_ip_from header in your vhost to only allow specific hosts to trust for the real ip but that config assumes you may add more servers in future and is simpler to maintain

anthonysomerset
  • 4,233
  • 2
  • 21
  • 24
  • Thanks very very much. The set_real_ip_from 10.0.0.0/24; was the reason, why it doesn't worked here - but know it works perfectly - Thanks! – Flo Oct 26 '11 at 18:49
0

The "server" will see connections from your proxy at 10.0.0.2 at the TCP level, where it grabs the IP's from - this is why you're seeing it this way.

Try looking at the X-Forwarded-For header instead or find something similar to mod_remoteip in apache which allows you to replace client IP by the value in X-Forwarded-For headers. I just googled for such functionality (I know of it in apache with mod_remoteip) and found this site: http://wiki.nginx.org/HttpRealIpModule

sandroid
  • 1,724
  • 12
  • 16